The author of this Trojan has been extremely quick off the mark, as this malicious code is programmed to exploit a vulnerability in version 5 of Microsoft Internet Information Server, discovered earlier this month, according to the vendor.
This vulnerability is a buffer overflow in the NTDLL.DLL library, which is used by several components; in this case, however, it affects the WebDAV component associated with version 5 of Internet Information Server (IIS). If a specially crafted request were sent to WebDAV, it would provoke a buffer overflow that would allow an attacker to gain complete control of the server.
Rolark is not a typical Trojan, as it does not need to install itself on the server or create any files in order to carry out its actions. This malicious code can also be inserted into a machine and run remotely in order to use it as a launch pad for attacking other computers. By doing this, the identity of the machine from which the attack was launched would be hidden.
Panda Software strongly recommends installing the patch released by Microsoft that fixes the vulnerability exploited by Rolark. This patch can be downloaded here.
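As an added illustration of how a defender might spot the kind of malformed WebDAV request described above in IIS logs (example code written for this page, not code from the article, Panda Software or Microsoft), the following Python reads IIS W3C extended log lines and flags WebDAV requests whose URI is abnormally long. The log lines are constructed, and the 1024-byte threshold is an assumed tuning value rather than a figure from any advisory.

```python
"""Flag oversized WebDAV requests in IIS W3C extended log lines.

Added detection example; the sample log is constructed and MAX_URI_LEN is
an assumed threshold, not a value taken from the article.
"""
from typing import Dict, List

# Request methods handled by the IIS 5 WebDAV component.
WEBDAV_METHODS = {
    "PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE",
    "LOCK", "UNLOCK", "SEARCH",
}

# Assumed threshold: legitimate WebDAV URIs are a few dozen bytes, so anything
# in the kilobyte range deserves a look. Tune this for your own site.
MAX_URI_LEN = 1024

# Constructed sample log in IIS W3C extended format. The SEARCH entry carries an
# abnormally long URI stem of the kind a malformed request would leave behind.
SAMPLE_LOG = (
    "#Software: Microsoft Internet Information Services 5.0\n"
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status\n"
    "2003-03-20 10:01:02 192.0.2.10 GET /index.htm - 200\n"
    "2003-03-20 10:01:05 192.0.2.11 PROPFIND /docs/ - 207\n"
    "2003-03-20 10:02:17 192.0.2.12 SEARCH /" + "A" * 4000 + " - 500\n"
    "2003-03-20 10:02:19 192.0.2.12 LOCK /docs/report.doc - 200\n"
)


def parse_w3c(text: str) -> List[Dict[str, str]]:
    """Parse W3C extended log text into dicts keyed by the #Fields names."""
    fields: List[str] = []
    records: List[Dict[str, str]] = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw.startswith("#"):
            # Directive lines: only #Fields matters for parsing.
            if raw.startswith("#Fields:"):
                fields = raw[len("#Fields:"):].split()
            continue
        values = raw.split()
        if not fields or len(values) != len(fields):
            # Malformed record: skip rather than guess column alignment.
            continue
        records.append(dict(zip(fields, values)))
    return records


def suspicious_webdav(records: List[Dict[str, str]],
                      max_uri_len: int = MAX_URI_LEN) -> List[Dict[str, str]]:
    """Return records using a WebDAV verb whose URI (stem + query) is oversized."""
    hits: List[Dict[str, str]] = []
    for rec in records:
        method = rec.get("cs-method", "").upper()
        stem = rec.get("cs-uri-stem", "")
        query = rec.get("cs-uri-query", "-")
        total = len(stem) + (0 if query == "-" else len(query) + 1)
        if method in WEBDAV_METHODS and total > max_uri_len:
            hits.append(rec)
    return hits


def scan_log(text: str = SAMPLE_LOG,
             max_uri_len: int = MAX_URI_LEN) -> List[Dict[str, str]]:
    """Parse a log and return the suspicious WebDAV records."""
    return suspicious_webdav(parse_w3c(text), max_uri_len)


if __name__ == "__main__":
    for hit in scan_log():
        print(f"{hit['date']} {hit['time']} {hit['c-ip']} {hit['cs-method']} "
              f"uri_len={len(hit['cs-uri-stem'])} status={hit['sc-status']}")
```

Run against the constructed log, only the SEARCH request from 192.0.2.12 is reported; ordinary PROPFIND and LOCK traffic passes. Length alone is a coarse signal, so treat a hit as a prompt to check whether the server is patched rather than as proof of compromise.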
W32.HLLW.Suava Worm Has Two Components
W32.HLLW.Suava is a worm that has two components: a file that downloads the worm/backdoor from a Web site; and the worm/backdoor itself. The downloader downloads a file from a Web site to %Windir%\Fb.exe, and then executes that file.
It also creates a copy of the downloaded file as C:\Windows\Mspread.exe. W32.HLLW.Suava attempts to spread to the network shares. Technical details are on this Symantec page.
Lovgate Threat Upgraded Due to Widespread Infection
Antivirus software vendor F-Secure has upgraded the Lovgate.F worm to a Level 2 threat because of the increased number of infections (Level 1 is the most serious threat rating given by F-Secure).
Lovgate.F is an e-mail and network worm with backdoor capabilities. It attempts to gain remote access using a longer list of passwords than previous variants. For more on the history of the variants, visit this F-Secure page.
Compiled by Esther Shein.